PECB Lead Implementer (ISO/IEC 27001) — Question 58
Does HealthGenic comply with the requirements of ISO/IEC 27001 regarding the monitoring and measurement process? Refer to scenario 16.
Answer options
- A. Yes, because the standard does not indicate when the monitoring and measurement should be performed
- B. Yes, because the standard indicates that the monitoring and measurement must be conducted every two years
- C. No, because even though the standard does not imply when such a process should be performed, the company must have a monitoring and measurement process in place
Correct answer: C
Explanation
The correct answer is C because ISO/IEC 27001 emphasizes the necessity of having a monitoring and measurement process in place, regardless of when it is performed. Options A and B are incorrect because they misinterpret the standard's requirements regarding the scheduling of these processes.